Amazon_ApiGateway_4
When authorization Type is set to None any one with access to the APIGateway network can use it if the gateway is public anyone can use the API
From TF:
Set a authorizer to your api Gateway
resource “aws_api_gateway_method” “test” {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
+ http_method = “…” # i.e “GET”, “PUT”, “OPTIONS”: if http_method != “OPTIONS”
+ authorization = “…” #authorization != “NONE”
# OR
+ http_method = “OPTIONS” # if http_method == “OPTIONS”
+ authorization = “NONE” # authorization = “NONE”
authorizer_id = aws_api_gateway_authorizer.this.id
}
References:
1.https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
Want to Know More?
Learn how our partners are managing their cloud security and compliance with Cloudlytics.
I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.